error with Authorization header malformed

Same problem here…
It only happen if used with Basic Authorization toghether. As I used the Basic Authorization for page protection (for developement), I made changes in the plugin to use JWTAuthorization insted Authorization (HTTP_JWT_AUTHORIZATION insted HTTP_AUTHORIZATION). So, with no basic auth, works fine, but with basic auth I got this issue…

Im my case I solved this problem comented the line 234 in script public/calss-jwt-auth-public.php

$auth = isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] : false;

So, the error stop dispatch…
The problem is if your server uses some type of Authorization before check JWT Authorization…

Thanks man, but it didn’t solved the issue in my case.
In the same script, this line list($token) = sscanf($auth, 'Basic %s'); I try using Bearer or Basic but does not matter, just the error change.
Try comment the line as you said, still the same error.

Fatal error: Uncaught exception 'Automattic\WooCommerce\HttpClient\HttpClientException' with message 'Error: Wrong number of segments [jwt_auth_invalid_token]' in ..

It’s supposed to work smoothly after updates, I have a production system and can not afford downtime due to bad behaviour of wordpress plugins.

The funny thing is, the guy who wrote this plugin, doesn’t seem to test it before release.

@deepcell @pesseba

I ended up also commenting out some lines in class-jwt-auth-public:
lines 252-258 are commented out as well as 311 to 317. I’m on wpengine and haven’t contact support to ask about this. I did add the SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1 to my .htaccess and I was still getting that error. So after commenting those lines that throw an error – my auth seems to be working again. I only checked two routes though that use it. Seems like wpengine is doing some auth or something and the plugin thinks there is a token being sent because I am just trying to make a simple GET request that does not require auth and I get that error Authorization header malformed. I should also note that I’m using woocommerce and using their http-client to fetch data. If I disable the JWT plugin, I can fetch all my products, but when I enable it I get that error. So I’m not sure if it has to do with WC either.

I will report more once I talk to WPENGINE.

• This reply was modified 5 years, 7 months ago by everytuesday.